Categories: Cyber Security News

New Unpatched Windows Print Spooler Bug Let Hackers Exploit The Elevation of Privilege

Microsoft issued a new security warning about the unpatched Windows Print Spooler Elevation of privilege vulnerability that allows attackers to execute an arbitrary code with the system privileges’.

“The print spooler service is a service that is running on each computer that participates in the Print Services system. The print spooler service implements the print client and print server roles, by enabling each participating system to act as a print client, administrative client, or print server for the Print Services system.”

The Vulnerability found existing in the Print Spooler service allows attackers to perform a local elevation of privilege.

Once the attackers successfully exploited this vulnerability, they could install the malicious programs, modify, change and delete the data, which also allows attackers to create new user accounts.

In order to exploit the vulnerability, an attacker needs to execute the code on a victim system, and it is a local privilege escalation vulnerability and tracked as CVE-2021-34481.

According to Microsoft report “An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. “


Microsoft published a work around for this vulnerability to secure the system from this vulnerability.

“We will update this CVE when we complete our investigation. If you wish to be notified when updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.” Microsoft said.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data

In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…

10 hours ago

Is Your Online Store Hacked in a Carding Attack? Here’s an Action Plan to Protect

Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…

14 hours ago

Google Researchers Find Out How ChatGPT Queries Can Collect Personal Data

The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…

14 hours ago

New Android Malware Employs Various Tactics to Deceive Malware Analyst

In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…

16 hours ago

DJvu Ransomware Mimic as Cracked Software to Compromise Computers

A recent campaign has been observed to be delivering DJvu ransomware through a loader that…

17 hours ago

Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data

In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…

18 hours ago